Note: This question is a part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that question.

Your company has several Microsoft Azure SQL Database instances.

Data encryption should be allowed to be implemented by the client applications that access the data. Encryption keys should not be made available to the database engine.

You need to configure the database.

What should you implement?

A. transport-level encryption

B. cell-level encryption

C. Transparent Data Encryption

D. Always Encrypted

E. Encrypting File System

F. BitLocker

G. dynamic data masking

Explanation:

Using encryption during transit with Azure File Shares

Azure File Storage supports HTTPS when using the REST API, but is more commonly used as an SMB file share attached to a VM.

HTTPS is a transport-level security protocol.

Incorrect Answers:

C: TDE encrypts the storage of an entire database by using a symmetric key called the database encryption key. In SQL Database the database encryption key is protected by a built-in server certificate.

References: https://docs.microsoft.com/en-us/azure/storage/storage-security-guide#encryption-in-transit